+#!/bin/sh
+
+# tlsproxy tests for the -u option.
+#
+# Copyright (C) 2011 Simon Ruderich
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+
+# Handle empty $srcdir.
+[ "x$srcdir" = x ] && srcdir=.
+
+. $srcdir/common.sh
+
+
+# Create necessary files.
+cleanup
+$srcdir/../src/tlsproxy-setup >/dev/null 2>/dev/null
+
+# Normal tests.
+../src/tlsproxy -d2 -u 4711 >/dev/null &
+server --x509certfile $srcdir/server.pem \
+ --x509keyfile $srcdir/server-key.pem
+sleep 1
+
+
+echo invalid hostname
+client unknown-host 80 - && abort
+test_proxy_failure
+test_no_invalid_certificate
+
+echo missing proxy and server certificate
+client localhost 4712 'test server' || abort
+test_proxy_successful
+test_invalid_certificate
+
+# Create the proxy certificate.
+$srcdir/../src/tlsproxy-add localhost $srcdir/server.pem \
+ >/dev/null 2>/dev/null
+rm -f certificate-localhost-server.pem
+
+echo missing server certificate
+client localhost 4712 'test server' || abort
+test_proxy_successful
+test_invalid_certificate
+
+# Create the proxy and server certificate.
+$srcdir/../src/tlsproxy-add localhost $srcdir/server.pem \
+ >/dev/null 2>/dev/null
+
+echo normal connection
+client localhost 4712 localhost || abort
+test_proxy_successful
+test_no_invalid_certificate
+
+
+# Stop server and try a "MITM" with a bad certificate.
+echo
+pkill -n gnutls-serv
+server --x509certfile $srcdir/server-bad.pem \
+ --x509keyfile $srcdir/server-key.pem
+sleep 1
+rm -f certificate-localhost-proxy.pem certificate-localhost-server.pem
+
+
+echo mitm invalid hostname
+client unknown-host 80 - && abort
+test_proxy_failure
+test_no_invalid_certificate
+
+echo mitm missing proxy and server certificate
+client localhost 4712 'test server bad' || abort
+test_proxy_successful
+test_invalid_certificate
+
+# Create the proxy certificate.
+$srcdir/../src/tlsproxy-add localhost $srcdir/server.pem \
+ >/dev/null 2>/dev/null
+rm -f certificate-localhost-server.pem
+
+echo mitm missing server certificate
+client localhost 4712 'test server bad' || abort
+test_proxy_successful
+test_invalid_certificate
+
+# Create the proxy and server certificate.
+$srcdir/../src/tlsproxy-add localhost $srcdir/server.pem \
+ >/dev/null 2>/dev/null
+
+echo mitm normal connection
+client localhost 4712 invalid || abort
+test_proxy_successful
+test_invalid_certificate
+
+
+pkill -n gnutls-serv
+pkill -n tlsproxy
+
+cleanup
+rm -f tmp
+
+exit 0
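Review bot: Both the teardown (`pkill -n gnutls-serv`, `pkill -n tlsproxy`) and the restart before the MITM section pick the newest process with that name rather than the ones this script started. A parallel test run or an unrelated tlsproxy on the same machine can therefore be killed, and a proxy started with `-u` may be left listening on 4711. The proxy's PID is available at launch, so `../src/tlsproxy -d2 -u 4711 >/dev/null & proxy_pid=$!` followed by `kill "$proxy_pid"` at the end would target only this instance. `server` is defined in common.sh, outside this hunk, so the equivalent fix for gnutls-serv belongs there. The MITM half would also benefit from a one-line comment before `echo mitm normal connection` saying what `-u` is expected to do, apparently that a mismatching server certificate is still forwarded but only under the `invalid` certificate; nothing in the file states this contract.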